5.8. Testing external MASQ ICMP forwarding

  • Step Eight: Testing external MASQ ICMP forwarding

    From an internal MASQed computer, ping a static TCP/IP address (NOT a machine by DNS name) out on the Internet (i.e. ping (this technically the DNS name "metalab.unc.edu" which is home of MetaLabs' Linux Archive). If this works, it should look something like the result below and this ultimately shows that ICMP Masquerading is working properly. (hit Control-C to abort the ping):

    masq-client# ping
    PING ( 56 data bytes
    64 bytes from icmp_seq=0 ttl=255 time=133.4 ms
    64 bytes from icmp_seq=1 ttl=255 time=132.5 ms
    64 bytes from icmp_seq=2 ttl=255 time=128.8 ms
    64 bytes from icmp_seq=3 ttl=255 time=132.2 ms
    --- ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 128.8/131.7/133.4 ms  

    If this didn't work, again check your Internet connection. Make sure that the MASQ server itself can ping this address. If this works from the MASQ server, make sure you are using the simple rc.firewall-* ruleset and that you have ICMP Masqurading compiled into the Linux kernel.

    Finally, make sure that the ruleset which enables IP MASQ is pointing to the correct EXTERNAL interface. PPPoE users should use the MASQ servers's logical PPP interface such as "ppp0" and /NOT/ the physical external interface like "eth0".

Copyright © 2010-2018 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout